Privacy Notice

Chapman & Co. Leadership Institute

Organizational Culture Survey Normative Database

Date: June 2020



  1. Introduction

Chapman & Co. Leadership Institute provides organizational culture surveys to its clients. This Privacy Notice describes how Chapman & Co. Leadership Institute, Inc. (“the Company”, “we” or “us”) processes data, that in some instances may be considered Personal Data, in relation to the Organizational Culture Surveys Normative Database (“Normative Database”). In this Privacy Notice, Personal Data refers to any information relating to an identified or identifiable person.

We collect Personal Data directly from individuals who respond to the organizational culture surveys (“Respondents”). We also collect Personal Data, especially demographic information, from our clients (i.e. from the employers of these Respondents) before or during the survey. We do not knowingly collect Personal Data about minors.


  1. What Personal Data is Used


2.1 Demographic Information

Categories of Personal Data typically include the following: age; role (exact role title and job category); exemption status (in US); tenure (number of years in this role / with this company); department in the company; work location (town and/or country); type of industry that the company operates in. In addition to this, the client may provide information about the company and its business to be used for the analysis.


2.2 Survey Responses

Survey responses typically include Respondent’s perceptions about Respondent’s leader and other employees, as well as about Respondents themselves and their company as a whole.


2.3 Website Usage

We may also collect information about how the survey website is used, for example the time it takes for Respondents to fill in the survey, or what type of device Respondents use when filling in the survey.


2.4 Personal Data that is not Included in the Normative Database

Even if processed during the surveys, the Normative Database does not contain Respondent’s name, email address, employee identification number, IP address or company name. Further, Personal Data that can be regarded as more sensitive (e.g. race or information about union membership), will not be collected to the Normative Database unless considered necessary, and permissible under applicable law, or with explicit consent when so required by applicable law.



  1. How Personal Data is Used

Personal Data may be processed (also by machine learning and artificial intelligence techniques) for the following purposes: To include statistical comparison data and analysis to our clients (for example, when providing survey results, stating what is an average score for a certain question among the companies within that industry); for the usage tracking, monitoring, analysis and improvement of the service; managing the security and handling technical issues; training purposes; or any other related purposes.


  1. Sharing and Transfer

Personal Data may be accessed and processed, when necessary for the purposes described above, by our relevant team members. When necessary, Personal Data may also be shared in special circumstances with, for example, external advisors including, but not limited to, legal and tax advisors, auditors, creditors, or with relevant authorities or other appropriate parties when required by applicable law. Further, we may use third party service providers (including, for example, software and cloud providers) to process Personal Data on our behalf.

Personal Data may be stored, transferred to, and processed in any country where we have team members or facilities or in which we engage service providers, including in the United States of America. We implement appropriate safeguards to protect Personal Data as required when transferred, including transfers outside the European Union (EU) and European Economic Area (EEA).


  1. Legal Basis and Retention

Processing of Personal Data is mainly based on the legitimate interests of the Company.

Personal Data will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer.


  1. Security

We implement and maintain industry standard technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and the nature, scope, context and purposes of processing of Personal Data.


  1. More Information

Respondents may contact us for more information on how their Personal Data is collected, used, and disclosed. Respondents may also request copies of or rectification or deletion of their Personal Data, when applicable. Depending on the applicable legislation, Respondents may also have the right to lodge a complaint with an applicable supervisory authority regarding how their Personal Data is used.
Contact details for more information and requests:
By email:
By post:
Group Data Protection
Legal Team
Barry-Wehmiller Group
8020 Forstyh Blvd
St. Louis, MO 63105
United State of America


  1. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on the applicable websites.